Edit
This is forum_comment_add.php:
<?php
$con=mysqli_connect("localhost","root","admin","forum");
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$post_id = $_POST['post_id'];
$query = "SELECT * FROM post WHERE post_id ='".$post_id."'";
$result = mysqli_query($con,$query);
$rows = mysqli_fetch_array($result);
?>
<table width="710" border="0" align="center" cellpadding="0" cellspacing="1">
<tr>
<td width="708"><form name="comment_insert" method="post" action="forum_comment_add_go.php">
<table width="398" border="0" align="center">
<tr>
<th width="24" scope="col">NO</th>
<th width="90" scope="col">DATE</th>
<th width="68" scope="col">TIME</th>
<th width="198" scope="col">COMMENT</th>
</tr>
<tr>
<td> </td>
<td><input name="date" type="text" id="date" size="15" /></td>
<td><input name="time" type="text" id="time" size="10" maxlength="9" /></td>
<td><input type="text" name="thread_comment" id="thread_comment" /></td>
</tr>
<tr>
<td colspan="4" align="right"><?php echo "<input type='hidden' value='" . $rows['post_id'] . "' name='post_id'>"; echo "<input type='submit' value='Add Record'>";?></td>
</tr>
</table>
</form>
</td>
</tr>
</table>
<?php
mysqli_close($con);
?>
And forum_comment_add_go.php:
<script type="text/javascript">
function CloseWindow() {
window.close();
window.opener.location.reload();
}
</script>
<?php
error_reporting(E_ALL);
ini_set('display_errors','on');
$con=mysqli_connect("localhost","root","admin","forum");
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$date = $_POST['date'];
$time = $_POST['time'];
$thread_comment = $_POST['thread_comment'];
$post_id = $_POST['post_id'];
$comment_in="INSERT INTO comment ( date, time, thread_comment, post_id) VALUES ( '$date', '$time', '$thread_comment', '$post_id)";
$result=mysqli_query($con, $comment_in);
if($result){
echo "Successful";
echo "<BR>";
echo "<th><form>";
echo "<input type='button' onClick='CloseWindow()' value='Done' align='middle'>";
echo "</form></th>";
}
else {
echo "Error";
}
mysqli_close($con);
?>
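Table post has PK = post_id, and table comment has PK = id and FK = post_id, which references the PK in table post. What I want to do is, when I view any thread, be able to post a comment. Can anyone help me? I am stuck at posting comments.
Answer 0 (score: 0)
First, your insert query puts the single quotes in the wrong place around the variables -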
$comment_in="INSERT INTO comment ( date, time, thread_comment) VALUES ( $'date', $'time', $'thread_comment')";
It should be
$comment_in="INSERT INTO comment ( date, time, thread_comment) VALUES ( '$date', '$time', '$thread_comment')";
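Second, I don't see where you are setting those variables, $date, $time and $thread_comment, in forum_comment_add_go.php before inserting them.
Third, when inserting the comment, you are not including the id of the post that the comment relates to.
So your code could be like -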
$date = $_POST['date'];
$time = $_POST['time'];
$thread_comment = $_POST['thread_comment'];
$post_id = $_POST['post_id'];
$comment_in="INSERT INTO comment ( date, time, thread_comment, post_id) VALUES ( '$date', '$time', '$thread_comment', '$post_id')";
Note that you are open to SQL injection, as you are inserting the user values directly without sanitizing them. Take a look at How can I prevent SQL injection in PHP?
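The comment insert from the answer above, rewritten with bound parameters, as an added example that is not code from the question or the answer. Assumptions: PDO with an in-memory SQLite database stands in for the MySQL `forum` database so it runs without a server, the helper name `add_comment` is hypothetical, and the sample form values are constructed. With mysqli the same pattern uses `mysqli_prepare` and `mysqli_stmt_bind_param`.

```php
<?php
// Added example. Assumption: in-memory SQLite via PDO replaces the MySQL
// "forum" database; table and column names follow the question.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE post (post_id INTEGER PRIMARY KEY)");
$db->exec("CREATE TABLE comment (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    date TEXT, time TEXT, thread_comment TEXT,
    post_id INTEGER NOT NULL REFERENCES post(post_id))");
$db->exec("INSERT INTO post (post_id) VALUES (1)");

// Hypothetical helper: inserts one comment, returns false if input is rejected.
function add_comment(PDO $db, array $form): bool
{
    // post_id must be a positive integer, not an arbitrary string.
    $post_id = filter_var($form['post_id'] ?? null, FILTER_VALIDATE_INT,
                          ['options' => ['min_range' => 1]]);
    $comment = trim((string)($form['thread_comment'] ?? ''));
    if ($post_id === false || $comment === '') {
        return false;
    }
    // The referenced post must exist (the FK described in the question).
    $check = $db->prepare('SELECT 1 FROM post WHERE post_id = ?');
    $check->execute([$post_id]);
    if ($check->fetchColumn() === false) {
        return false;
    }
    // Values are sent separately from the SQL text, so a quote stays data.
    $stmt = $db->prepare(
        'INSERT INTO comment (date, time, thread_comment, post_id)
         VALUES (:date, :time, :comment, :post_id)');
    return $stmt->execute([
        ':date'    => (string)($form['date'] ?? ''),
        ':time'    => (string)($form['time'] ?? ''),
        ':comment' => $comment,
        ':post_id' => $post_id,
    ]);
}

// Constructed sample input standing in for $_POST.
$quoted  = add_comment($db, ['date' => '2014-05-01', 'time' => '10:30',
    'thread_comment' => "it's a comment with 'quotes'", 'post_id' => '1']);
$stray   = add_comment($db, ['date' => '2014-05-01', 'time' => '10:31',
    'thread_comment' => 'hello', 'post_id' => "1'"]);
$missing = add_comment($db, ['thread_comment' => 'hello', 'post_id' => '999']);
var_dump($quoted, $stray, $missing);
echo $db->query('SELECT thread_comment FROM comment')->fetchColumn(), "\n";
```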